Know Your Customers, Employeers, Partners and Contractor


    Notes on slide 1

    I work as a senior consultant for Scalaris, a Swiss company specialised in OSINT solutions for banking, manufacturing and government. The United Arab Emirates and Switzerland share a high exposure to financial crime, which we help fight with our KYC solutions. We also share bad press at the moment, for cases like UBS and the alleged laundering of money coming from piracy-related activities. We can therefore testify about the reputational consequences of not being compliant. I will give you an overview of tools, information and organisational means to help you reduce this risk. I'm also glad that Mr. Martin Stone, Head of Middle East & North Africa Business Practice, The Risk Advisory Group, introduced some of the topics I will outline in his presentation earlier this morning.

    Before I start, I want to share with you some definitions, to establish a common understanding of terms that are often misused or wrongly interpreted. Please take a minute to read through the definitions: my goal is to show you how the "raw materials" (information and content) can be used to produce intelligence, which is evaluated information. Intelligence is, by the way, done every time you make a decision, which can be an informed decision… or not.

    In our particular case, an informed decision addresses some particular threats, with the objective of reducing some particular risks. The list of threats might be non-exhaustive… I came across a company that admitted to having a bribery budget… dedicated to the Middle East and North Africa.

    To distinguish a criminal action from a criminal information operation can be difficult; however, the law punishes both. I'd like to give you an example: the Somalian piracy case. Allegedly Dubai, Kenya financial platform used to launder ransom money. There are also concerns that some of the piracy money may have ended up with Islamist militants both in Somalia and abroad. However this has not been acknowledged because shipping companies would be breaking laws on funding terrorism by paying ransoms. This is a money laundering criminal action. Stephen Askins, senior partner with the law firm Ince & Co, which specialises in the subject, said: "Current anti-terrorist laws make it illegal to make payment to those who carry out such acts motivated by politics or ideology." This is also a criminal information operation, as you are facilitating criminal actions from others (the pirates).

    As risks affect many departments of a corporate, there is a highly complex information exchange. This complexity requires different "tools" to be reduced: human intelligence to analyse information and positively influence the decision making process; time to understand (time can and should be saved in the information gathering and preliminary analysis). But don't fall into the reductionist trap: avoid a dashboard view. Very often you cannot reduce a highly complex situation to 3 pages, as your top management requires. And use trust with reason; for instance, to quote Machiavelli: "Never trust managers who pretend to know everything, it is usually all they know" (paraphrase of Machiavelli). A complex organisation has many systems, many databases, many people that could hide risks.

    And to make things even more complex… External information (OSINT) surrounds existing internal information. Technology (i.e. search technology or Meaning Based Computing) should support the matching and analysis of internal and external information. To keep my focus on the pirates… I can say that in many cases old but available information can be very useful: i.e. piracy fighting policies and techniques have been developed and applied in many cases in the past centuries: Romans fighting pirates in the Mediterranean Sea, British fighting pirates in the Caribbean (pirates history demonstrated being financed by the French…). This information is in books, not a PowerPoint of the US Marine Corps and the UK Navy… you need some time to read books… A machine, though, can help you identify the book that contains the information…

    The trend to use this kind of information is not just a common-sense based suggestion… As this picture shows (it has been shown also in a military environment) there is a true shift in intelligence. Even the pirates follow this trend… Somalian piracy case: Investigators have discovered that the pirate gangs are exploiting information available to the shipping industry to plan their attacks. Front organisations are believed to have signed up to the Lloyd's List ship movement database, and sources such as Jane's Intelligence, to ascertain protective measures being undertaken by the shippers. In addition they have bought equipment to monitor radio traffic. …it is quite obvious that they do not subscribe to the Lloyd's database from their mother-ships in the Indian Ocean… someone definitely helps them from the mainland… http://www.independent.co.uk/news/world/africa/pirates-the-80m-gulf-connection-1671657.html

    This new use of information (even from the pirates) shows that to manage complex operations, you need to satisfy complex information requirements: from shipping information to SIGINT (radio com monitoring). CHEAP, EXPENSIVE, SMART, RISKY, COMPLEX, INTERMEDIATED, COMPLICATED. Sometimes it is not necessary to hire an investigator to discover information already surfaced by the media. You don't need a plane to take a picture of a competitor's plant… Google Earth or other private satellite image providers have probably already done the job for you.

    So, if you don't have an MI5 organisation at your service, like Her Majesty… take a look at Open Source Intelligence.

    With a simple attitude change, you might not only know your business better but also please those who control your business (regulators, police, secret service…). It is quite easy to recognise that regulators are basically shifting the responsibility of crime due diligence from law enforcement agencies to corporates, and this is particularly true in the financial industry. As a consequence, companies, i.e. banks, have a great advantage in being better informed about their activities, both from a legal and operational perspective.

      • March 2009 - DB, Airbus, Daimler data privacy violation case
      • Dec 2008 - Madoff case
      • Dec 2005 – ABN Amro forced to pay US$80 million in fines and penalties for failing to prevent money laundering.
      • Nov 2005 – Bank of New York given US$38 million penalty for failure to monitor accounts and file Suspicious Activity Reports (SARs)
      • Oct 2005 – Deutsche Bank ordered to shore up its AML practices within its US operation by the Federal Reserve and state regulators. Most of the issues related to the provision of correspondent banking services
      • May 2004 – UBS fined $100 million by the Federal Reserve for illegally transferring dollars from a Fed deposit account at UBS to Cuba and other countries that were then under a US trade embargo

    However, if information collection and exploitation is a virtuous practice, it can hide potential risks. With the use of OSINT this risk is certainly lower (compared to the risk of using traditional investigation techniques), but you need to consider that accessing electronic information requires adequate investment in IT security and possibly a complete search anonymisation. Examples of information leakage: the Fortress example (500 cakes ordered); the bar and parties where you can find wealth managers. ANONYMISATION is KEY. The more you monitor, the more you can be monitored.

    I will deliberately avoid a market review, but only share with you a solution typology…..my background is Information ….not IT

    Prevention: Undetectable Open Source Intelligence; Information Retention; Outsourcing of Investigation. Litigation: Lawsuit and Matter Management; Collaborative and Auditable Environment; Integration with forensic and prevention. Forensic: Information Disclosure on Demand; Paper, Files, E-mails Archiving; Information Capturing and Forensic Services.

    I'm particularly interested in a preventive approach… as always, preventing is the best and cheapest option… I outlined in this table what the needs for information are, for whom, where, and how. Of course large organisations might have other applications in mind… the table can be expanded… What exactly do we want to achieve? Information is different from IT. Information: Inform itself comes (via French) from the Latin verb informare, give form, form an idea of. Content: in media production and publishing, content is information and experiences. Technology: is a broad concept that deals with an animal species' usage and knowledge of tools and crafts, and how it affects an animal species' ability to control and adapt to its environment. Intelligence (abbreviated int. or intel.) is not information, but the product of evaluated information, valued for its currency and relevance rather than its detail or accuracy, in contrast with "data" which typically refers to precise or particular information, or "fact," which typically refers to verified information.

    I will not focus on Litigation and Forensic tools, at least not today…….next

    But I want to point out that OSINT is one of 3 areas you need to control. HUMINT is obviously labour intensive. CORP INFO is a massive amount of information, especially if you consider also paper information and the trend to information overload.

    OSINT, HUMINT and Corporate Info do have things in common: the collection of a significant amount of data, the need to refine them, the goal to exploit them. The oil analogy has not only a geographical reason, but is also a simple model of the intelligence activity. I have 3 questions that I hope will trigger a reconsideration of the status of everybody's information strategy: Are all sources you need available? Archived? Frequently updated? In the right exploitable format (paper not really suitable…)? At the right time?

    There are not many players in the information chain management market. 3 players share 80% of the market, only 2 have significant experience in OSINT and can support massive information retrieval and analysis. An enterprise search engine is therefore a life-saving tool for compliance, very often, I must say, used to retrieve internal documents.

    These tools are capable of many things; here is an example of a fundamental functionality in the AML area, and generally speaking in intelligence (be it OSINT or HUMINT). Name matching is important: if I use the list of attendees of this conference, the number of homonyms is surprising… it is a typical case of FALSE positives… probably the most time consuming task in the KYC process for banks… So the technology is certainly granting access to information, but it could be the wrong information…

    Here too the complexity is high, and even higher in countries like UAE where most of the workforce is multinational… Again, referring to Martin Stone's previous intervention, transliteration is indeed an issue, particularly in the Gulf, where we find difficulties well known also in other regions (i.e. you have many alphabet standards in Cyrillic…). There are many factors influencing correct retrieval of information about a person's name: language, alphabets, spelling, synonyms, typing errors.
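An added illustration of the name-matching problem described in these notes and shown on slide 21 (not part of the original presentation, and not the vendor's algorithm): an order-insensitive fuzzy score built on Python's `difflib`, run against names that appear on slide 21. The function names, the 0.8/0.2 weighting and the thresholds are assumptions made for this example, so the scores differ from the slide's.

```python
"""Order-insensitive fuzzy name matching for list screening (illustrative)."""
import unicodedata
from difflib import SequenceMatcher

# Right-hand names of pairs printed on slide 21, used only as sample input.
REFERENCE_NAMES = [
    "HUBBARD BRIAN ARTHUR",
    "WALKER LEN",
    "WALKER LEE",
    "NURRI MOHAMMAD",
    "PENA WILFREDO",
]


def normalise(name):
    """Upper-case, strip diacritics, split on anything that is not a letter.

    Covers spelling and typing noise within one alphabet only; transliteration
    between alphabets (Arabic, Cyrillic) would need a separate step.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    letters = "".join(ch if ch.isalpha() else " " for ch in no_marks.upper())
    return letters.split()


def token_similarity(a, b):
    """Character-level similarity of two name tokens, 0.0 to 1.0."""
    return SequenceMatcher(None, a, b).ratio()


def name_score(query, candidate):
    """Score 0-100, ignoring token order (SURNAME GIVEN vs GIVEN SURNAME).

    Each token of the shorter name is greedily paired with its most similar
    unused token in the longer name; extra tokens in the longer name cost up
    to 20% of the score (assumed weighting).
    """
    q, c = normalise(query), normalise(candidate)
    if not q or not c:
        return 0.0
    shorter, longer = (q, c) if len(q) <= len(c) else (c, q)
    unused = list(longer)
    total = 0.0
    for token in shorter:
        best = max(unused, key=lambda other: token_similarity(token, other))
        total += token_similarity(token, best)
        unused.remove(best)
    matched = total / len(shorter)
    coverage = len(shorter) / len(longer)
    return round(100 * matched * (0.8 + 0.2 * coverage), 2)


def screen(query, reference_names, threshold=80.0):
    """Return (score, name) hits at or above the threshold, best first."""
    scored = [(name_score(query, name), name) for name in reference_names]
    hits = [hit for hit in scored if hit[0] >= threshold]
    return sorted(hits, key=lambda hit: -hit[0])


if __name__ == "__main__":
    for customer in ("Leo Walker", "Mohammad Nury", "Wilfred Penna"):
        print(customer, "->", screen(customer, REFERENCE_NAMES))
```

LEO WALKER clears the 80 threshold against both WALKER LEN and WALKER LEE with identical scores, which is the false-positive review workload the notes describe; raising the threshold to 90 drops NURRI MOHAMMAD for MOHAMMAD NURY, so the threshold trades analyst time against missed matches.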

    I think there is no need to stress even more the importance of sanctions and the proliferation of regulations. 21 April 2009: The Financial Crimes Enforcement Network (FinCEN) and the Office of the Comptroller of the Currency (OCC) today announced the assessment of concurrent civil money penalties, each $5 million, against the New York Branch of Doha Bank, Doha, Qatar ("the Branch"), for past violations of the Bank Secrecy Act (BSA). The Branch, without admitting or denying the allegations, consented to payment of the civil money penalties, which will be satisfied by a single payment of $5 million to the U.S. Department of the Treasury. Lloyds Shipping information is a good example of criminal fast learning. U.S.-Halliburton Fallout [analysis] (All Africa, 14 April 2009, 3844 words, (c) 2009 AllAfrica, All Rights Reserved) http://global.factiva.com/redir/default.aspx?p=sta&ep=AE&an=AFNWS00020090414e54e001e9&fid=300405626&cat=a&aid=9ZZZ002000&ns=16&fn=KYC%20General&ft=g&OD=V2AUbjNaqd6b6yKMegonfnoY9oOdATkhWR19knPBTvmljPNVjs%2fEl5nw%3d%3d%7c2 Washington, DC, Apr 14, 2009 (AfricaFocus/All Africa Global Media via COMTEX) -- AfricaFocus Bulletin: Fallout is continuing from the long-drawn-out case of Halliburton and Kellogg Brown & Root bribery of Nigerian officials for contracts for a liquefied natural gas plant in Nigeria. In February the two companies agreed to a settlement with the U.S. Department of Justice and Security Exchange Commission, including payment of a total of $579 million in fines. Further investigations are under way in five countries; and a detailed expose in Nigeria's Next newspaper has accused three former heads of state of being involved with the payments.

    I think it is more interesting to look at the distribution of compliance violations. The immediate conclusion is that on a daily basis small incidents occur very often, and can be managed with a reasonable amount of time and information. A name check requires some milliseconds, including the sanction list screening (and we talk about 300+ lists, not only OFAC and similar…). The requirement for information changes dramatically and increases together with severity… moving to the right, only complex solutions, including technology and large content collections, can reduce the need for Human Intelligence, which should be the… last mile.

    Regulators as well are aware of these statistics, and encourage, or oblige, banks to shift from a transaction based compliance culture to a risk oriented one… and banks of course prefer numbers rather than the so-called unstructured information… This is not an evolution, but a dramatic change in the financial industry… probably not a revolution… but at least a big change. New regulations (3rd EU AML Directive, Anti-Corruption initiatives etc.) now highlight the consequences of unilateral risk management. The value of external information to prevent risk rises considerably. The possibility of global media monitoring is influencing compliance obligations and consequences of compliance failures. There is an emphasis on external information: a

    …and beside regulators' new requirements, the world is multiplying the available information anyway, creating the haystack where you're requested to search for the needle…

    …in this information storm, you need to follow some search rule or you might not find who or what you're looking for… because of…

    …fortunately you're not in this quest for information, there are value added providers that can go beyond Google, which maybe is not evil, but it's certainly not a professional tool to look for information… and shares all your search strings and results with the authorities (with help of the Patriot Act, which might be useful, but certainly is not respecting your privacy…). The Lloyds database of the Somali pirates is just one example; talented money-launderers are also using the same content providers… the question being: Am I on a sanction list…? LONDON (Dow Jones)--Organized piracy syndicates operating in the United Arab Emirates and other Gulf states are laundering the vast ransom sums taken by Somali pirates, The Independent reports Tuesday. A director of security firm Idarat Maritime, which specializes in marine security, told the newspaper the movement of ransom money is "an international problem," with front organizations believed to have signed up to the Lloyd's List ship movement database to ascertain protective measures being undertaken by shippers. A senior official with Lloyd's List told the newspaper there is a "lot of sophistication in the way piracy has developed." Investigators have discovered that the pirate gangs are exploiting information available to the shipping industry to plan their attacks. Front organisations are believed to have signed up to the Lloyd's List ship movement database, and sources such as Jane's Intelligence, to ascertain protective measures being undertaken by the shippers. In addition they have bought equipment to monitor radio traffic.

    …of course not every provider / aggregator offers the same service level, which you can evaluate with this diagram… As you see, even in this case, the mix of Content, Technology and Service is key…

    Now the difference between googling and paying for information should be clear… Fee based providers often go back 30 years or more. The Internet can only go back to the '90s. Info… you don't get it for free… For instance, once an oil company asked to get a free trial for one year; working at Dow Jones at that time, I told them that I would do it in exchange for free gasoline for one year… fortunately they didn't accept, or I would have been convicted for bribery…

    As for search engines, the market is very consolidated, and dominated by western providers… This could be a problem here in UAE, and I recommend considering also accessing local information aggregators or sources… "Locals" are often better informed… as you have seen in Stone's presentation, access to publicly available info can be difficult, or info not updated, unreliable. However, technology and agreements with local sources can help… It is possible to search across multiple databases, at the same time, in many countries…

    From a revenue perspective this is the situation…

    The information available is provided by global players… while very often criminal cases are local. If you refer to the previously shown graph, the information required to solve a compliance / security incident is proportional to its severity. A good practice is to cover your information requirement as much as you can, and surround your Critical Information Requirements: the costs of doing so are not significant compared to the risk of missing critical information. The info you need is most probably in the small information gap that you can reduce as much as possible by allowing at least some content provider overlapping.

    Overlapping is also giving you different perspectives… the FT and the WSJ will give the same news, but most probably a different analysis… A correct and complete interpretation of sources is of the highest importance. The information market is currently dominated by Anglo-Saxon sources. It is therefore important to have access to local sources. The differences of perception can have a dramatic influence on the quality of intelligence. And if you drill down you will find out that also the subsets of content aggregators need to be evaluated (there are thousands of official sources, from thousands of official publishers). This is high value.

    If content becomes information with help of technology, where is the human contribution ? The human is the one who asks QUESTIONS and takes DECISIONS…

    …and in this example of prevention process, by giving a model, a roadmap to have the right questions answered. Very often it will be the CEO/CFO's responsibility to decide; however, the Compliance Officer or Head of Security will be responsible for not delivering the right information.

    In the forensic process, the process is very similar and so is the technology. The processed information will be quite different though. Also in this case only the right questions can be followed by the right decision.

    …before my conclusion, let me share with you 2 last slides on what you can achieve with a Crime Due Diligence investigation, where OSINT will be only a support, and HUMINT the main effort. As you can see the level of detail can be very high, although also the risk of information leakage and therefore the security risk will grow exponentially…

    …as pointed out before, every investigative activity is a potential risk, and therefore needs to be treated by professionals… Part of the Crime Due Diligence process can be completed with appropriate preventive research, to be conducted with OSINT tools. An anonymised OSINT process can avoid risky information leakages, and give the informative background that will guide the HUMINT effort of Crime Due Diligence.


    Know Your Customers, Employeers, Partners and Contractor - Presentation Transcript

    1. Agenda
      • How can open source intelligence (OSINT) solutions help manage compliance risks
      • Available IT solutions to support the intelligence effort
      • The role of external content for effective intelligence and risk analysis
      • The role of processes and people
    2. Definitions
      • Information: Inform itself comes (via French) from the Latin verb informare, give form, form an idea of. It is an understood message and / or a sensory input, an influence, or a record (if it has a business value)
      • Content: in media production and publishing, content is information and experiences that may provide value for an end-user / audience in specific contexts. Content may be delivered via any medium such as the internet, television, and audio CDs, as well as live events such as conferences and stage performances
      • Technology: is a broad concept that deals with an animal species' usage and knowledge of tools and crafts, and how it affects an animal species' ability to control and adapt to its environment. Technology is a term with origins in the Greek "technologia", "τεχνολογία": "techne", "τέχνη" ("craft") and "logia", "λογία" ("saying"). However, a strict definition is elusive; "technology" can refer to material objects of use to humanity, such as machines, hardware or utensils, but can also encompass broader themes, including systems, methods of organization, and techniques
      • Intelligence (abbreviated int. or intel.) is not information, but the product of evaluated information, valued for its currency and relevance rather than its detail or accuracy, in contrast with "data" which typically refers to precise or particular information, or "fact," which typically refers to verified information.
      • Open Source Intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In the Intelligence Community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software.
    3. Security Threats and Compliance Risks
      • Compliance and Security Threats: Corruption, Financial fraud, Embezzlement, Vandalism, Social and political instability, Theft, Sabotage, Cyber crime, Industrial espionage, Terrorism acts, Extortion, Robbery
      • Corporate Risks: Legal, Financial, Reputational
    4. Proliferation of risk factors
      • The complexity of today's world requires a virtually unlimited access to relevant information for decision making
      Criminal action
        • infringe regulatory or antitrust constraints,
        • promote corruption and embezzlement,
        • participate in fraud machinations,
        • be involved in money laundering schemes,
        • breach international embargoes or national sanctions,
        • assist in the proliferation of strategic goods and WMD,
        • enable terrorist financing,
        • cause serious environmental or health damages,
        • be implicated in organized crime,
        • be involved in activities heavily violating human rights
      Criminal Information Operation
        • infringe regulatory or antitrust constraints,
        • promote corruption and embezzlement,
        • participate in fraud machinations,
        • construct money laundering schemes,
        • breach international embargoes or national sanctions,
        • facilitate proliferation of strategic goods and WMD,
        • enable terrorist financing,
        • disguise environmental or health damages,
        • facilitate organized crime,
        • disguise activities heavily violating human rights
    5. Organisational complexity: Who is involved Human Resources Hiring Legal Risk Competition CI Product CSR CI Marketing Group Risk Public Affairs corp comms Marketing Operations Legal Compliance Operations Legal Manufacturing PR XXXXXXX
    6. Information surrounding corporates
    7. A new information paradigm
    8. How can open source intelligence (OSINT) solutions help manage compliance risks
    9. Information requirement other sources/methods/disciplines OSIF TECHINT MASINT IMINT SIGINT HUMINT Print media "Internet" TV/Radio Blogs Video-blogs Wikis Platforms of NGO Publicly available sources Private Information Provider Requirement of information
    10. OSINT information requirement Commercial Online Books & Journals Conferences & Dissertations Maps & Commercial Imagery Internet Telephone Surveys Gray Literature Complex Human & IT Services OSINT Universe
    11. The risk of corporate „autism“ Auto-referential High risk exposure
        • Emergence of business intelligence, CRM, collaboration tools has multiplied the internal information available, and the emphasis on it
        • Many organisations rely very heavily on intangible information, held by employees (the wealth manager who knows his customer inside-out, etc.)
        • Difficult access to information
        • Internal information (customer names, partner companies, suppliers) is not matched with the external information available (biographies, company profiles, news)
      Open external information Risk conscious
        • Regulator‘s requirements and risk management policies ask for an intelligent exploitation of the external information available
        • Intangible information assets can be improved with access to external information
        • IT is now capable of „connecting-the-dots“
        • Content aggregation is now a mature market, offering a global coverage, with structured data delivery and integration capabilities
    12. The risk of not knowing Legal & compliance risk Cost of remedial actions «Top Management attention » cost Cost for rebuilding your brand
    13. The back-hole: information security risk
      • External monitoring of:
      • Internet
      • Content providers
      • Consultants
      • Contractors
      • Employees
      • Access of classified information:
      • Industrial espionage
      • Cyber crime
      • Data on current / past investigations
    14. Available IT solutions to support the intelligence effort
    15. Corporate Intelligence is an integrated framework of information and technology Prevention -Undetectable Open Source Intelligence - Information Retention -Outsourcing of Investigation
      • Forensic
      • -Information Disclosure on Demand
      • Paper, Files, E-mails Archiving
      • Information Capturing and Forensic Services
      Litigation -Lawsuit and Matter Management -Collaborative and Auditable Environment -Integration with forensic and prevention Corporate Intelligence Proactive Reactive
    16. Preventive approach Industry Need Departments Typical risk General characteristics Specific characteristics Banking Know Your Customer Compliance Legal Anti Money Laundering International affairs Legal risk related to fraud and financial crimes Reputational risk Access to premium intelligence information Name matching performance with advanced linguistic and cultural capabilities Unlimited scalability (for screening up to several million records per day, names and/or transactions) Flexibility in rollout (from laptop to big parallel server farms) Automatic maintenance for traceability of activities Anonymous search Access to must-have AML sources (World-Check, Dow Jones) Customer On-boarding Advanced Automatic name matching Anonymous Search High risk industries Know Your Employees Partners Contractors Top management Security HR Internal fraud Legal risk Reputational risk Operational risk Data on-boarding Global information coverage Internal data integration Experience with military intelligence Law enforcement Attorneys Army Know Your Open Sources OSINT units Research departments Crime Terrorism Conflicts Global coverage Criminal records coverage Experience with military intelligence
    17. Reactive approach
      • Litigation eDiscovery
      • Data collection
      • Analysis
      • Review
      • Forensic eDiscovery
      • Information management
      • Early Case Assessment
    18. Global information flood is the main challenge Open available Sources 500‘000 Messages a day from 30‘000 news Papers, radio, tv
      • Official Sources:
      • Print- Media
      • TV-/Radio
      • Professional Providers
      • „ Internet“:
      • Blogs
      • Video-blogs
      • Wikis
      OSINT based Systems „ Googles“ 70 % 30 % OSINT Files E-Mail Paper Scanning Hard Disks Corporate Information Corporate Intelligence HUMINT
    19. High data volume search is not just search Enterprise Search is not just a search bar and results, but a complex and sophisticated accessing platform for unstructured data. Information Chain Management (ICM) paradigm as design doctrine of any Enterprise Search Best Practice roadmap. In its complexity ICM compares with the value chain in the oil industry: Relevant information sources are systematically researched, tapped (exploration) and refined in usable information (refinery) and efficiently distributed (exploitation).
    20. Professional search technologies market landscape The size of the bubbles indicates the market share Autonomy acquired Verity in 2006 Fast acquired Convera in 2007 Microsoft acquired Fast in 2008 Features Low Strategy High High
    21. Software tools and algorithms: name matching
      91.17 | ARTHUR HUBBARD | HUBBARD BRIAN ARTHUR
      90.47 | WILLIAM STAUBINGER | STAUBITZER WILLIAM
      84.55 | EMMANUEL OBBI | BEN-OBAJE EMMANUEL OCHOLI
      80.73 | EMMANUEL OBBI | MADUKA EMMANUEL OBI
      93.29 | GERHARD ZERMANN | HERMANN GERHARD
      90.28 | SAMUEL ANDREAS | OBBI ANDREAS SAMUEL
      89.93 | WILFRED PENNA | PENA WILFREDO
      84.71 | WILFRED PENNA | PENA CABUS WILFREDO
      83.84 | WILFRED PENNA | PENA PENA WILFREDO GEOVANNI
      87.89 | KARL DAMPIERRE | DAMPIER KARL
      97.32 | MOHAMMAD NURY | NURRI MOHAMMAD
      96.97 | MOHAMMAD NURY | MOHAMMAD NUR
      85.06 | LEO WALKER | WALKER LEN
      85.06 | LEO WALKER | WALKER LEE
      85.10 | VERONIKA SOUZA | GONCALVES DE SOUZA VERONICA MARIA
      81.50 | VERONIKA SOUZA | SANTOS SOUSA DA SILVA VERONICA
      81.50 | VERONIKA SOUZA | SILVA DE SOUSA LAURENI VERONICA
      87.07 | FREDDY PEREIRA | IBANEZ PEREIRA FREDDY JERONIMO
      95.89 | PETER SANTO | SANDHU PETER
      90.61 | PETER SANTO | SANTOS PETER
      96.29 | MOHAMMAD HAMDI | MOHAMMAD HAMDI SADIQ AL-AHDAL MUHAMMAD
      96.27 | MOHAMMAD HAMDI | AL TAHHAN MOHAMMAD HAMDI
      96.27 | MOHAMMAD HAMDI | AL-TAHHAN MOHAMMAD HAMDI
      95.77 | MOHAMMAD HAMDI | AL-AHDAL MOHAMMAD HAMDI SADIQ
    22. Name matching: simple concept – complex application
    23. The role of external content for effective intelligence and risk analysis We spent the last 50 years focusing on the T part of IT, now we should spend another 50 thinking about the I part.
    24. New rules and the “pressure to know”... Rules Consequences FATF: recommendations and blacklists US-PATRIOT Act KYC, KYCC and transaction monitoring EU Anti-Money Laundering Directives National money laundering ordinances Anti-corruption initiatives Higher compliance costs Margin and efficiency reductions High reputational and legal risks High attention on corporate crime by public opinion Sanction risks Intangible reputational risks Higher financial complexity = higher risk of financial fraud Higher automation = less customer intimacy Criminals learn fast
    25. Distribution of compliance incidents © Scalaris AG I I Cost of missing critical information Frequency Severity Small Minor Cases/Incidents Significant Cases/ Incidents Medium Cases/ Incidents Number/Type of required information
    26. Emergence of a risk based governance & compliance
    27. Information proliferation Internal Information Proliferation External information proliferation Identification Improvement of content gathering technologies Classification Paper content becomes digital Suspicious events Archive information will be more available analysts Financial situation Lower value of free content, often considered less trustful Monitoring & Archiving Exponential growth of content production and publishing
    28. The information overload
      • 500 billion web pages
      • 7 million added per day
      • 1 million per day going out of date
      • 14 billion emails daily
      • 45 million scientific articles growing at 5,000 per day
      • Insurance companies receive 35,000 letters per day in UK
      • Enterprise data is doubling every six months
      • Content is becoming a commodity
      • Subscription-based access is limited
      • Market consolidation
      • « Low but steady » growth
    29. Reasons for not finding the right information
    30. The garbage in / garbage out principle: Quality always matters Open web (5-10 % of available Information) Deep web (90-95% of available Information) Google like search engines Fee-based providers Value-added providers Quantity Diversity Independence Quality Timeliness Accuracy Selected information High value Standard format Quality Timeliness Accuracy Regular update Full-text indexing Automated alerts Workflow Integration Confidentiality (thorough anonymisation techniques) Very low Precision & Recall No full text indexing Volatility No confidentiality Limited update Limited Search & Archive Cost Low confidentiality Cost Need of multiple providers
    31. Principles around content selection Fee and value added news aggregators: companies that offer, for a fee, general news content that is business-related and electronically delivered International Content Local Content Local Language Market Content Indexing Local Account Mgmt. Technology Service Integration Personalisation Reliability Consistency Integrity (full text) Customer Service Dependability Consultancy
    32. Principles around content selection Providers Evaluation criteria should include: Source Evaluation criteria should include: Coverage Archive historical depth Languages Local sources availability Exclusive sources Content structure (taxonomy) IT capabilities (indexing, abstracts, translation services, information relationships) Quality Authority Relevance Trust Timeliness Technical Delivery capability + cost of accessing the content + cost of elaboration & analysis + cost of access + cost of elaboration & analysis
    33. Overview of content providers
    34. Content providers market overview
    35. Overlapping is not a crime Critical information requirement
    36. Global and Local coverage
    37. Perception (isn‘t) reality
    38. Advantages of an intelligent information strategy
      • Research time reduction
      • Reduction of critical information gap
      • Legal, Compliance & Reputational cost reduction
      • Better distinction between perception and reality
    39. The role of processes and people
    40. Man, Process and Machine
    41. Know Your Customers, Employees, Suppliers, Partners & Contractors: How to use Technology and Information to drive Compliance and Crime Due Diligence more effectively. Claudio Foglini, Senior Consultant – Intelligence Automation Solutions [email_address] Corporate Compliance Gulf Conference, Dubai, 29 April 2009
    42. Know Your Customers, Employees, Suppliers, Partners & Contractors: Know Your Employee – Process Example - Prevention (Copyright Claudio Foglini) [Figure. Labels: Cost / Employee; Reputational / Legal / Operational Risk / Employee; Human Based Analysis Required / Employee; Machine Based Analysis Required / Employee; External Information Required / Employee]
    43. Know Your Customers, Employees, Suppliers, Partners & Contractors: Know Your Employee – Process Example - Forensic (Copyright Claudio Foglini) [Figure. Labels: Cost / Employee; Reputational / Legal / Operational Risk / Employee; Human Based Analysis Required / Employee; Machine Based Analysis Required / Employee; Information Required / Employee]
    44. Scalaris Intelligence Automation Solutions: our capabilities AySEC Services Ltd. www.crimeduediligence.net
      • Technology
      • Open Source Intelligence Automation
      • Secure and anonymous
      • Proprietary name matching algorithms
      • Autonomy IDOL - based Multi-lingual search engine
      • Scalable
      • False positive reduction
      • Consulting
      • OSINT and Due Diligence for Corporate, Financial and Military Industries
      • Next Generation KYC processes and tools
      • Expertise with global financial institutions and law enforcement agencies
      • Content
      • Best available content collections
      • Specialized content
      • Internal content integration
      • Information brokering
      • On-demand crime and customer due diligence
      • Research design
      • Research Execution
      • International network
    45. Company check (columns: №, Object, .automatic, .pro, .master, .premium, .lux)
      • Registration information
        • 1.01 Company’s name: + + + + +
        • 1.02 Document of juridical list: + + +
        • 1.03 Registration details: + + + +
        • 1.04 Company history from creation moment: + + + + +
        • 1.05 Company structure and organization: +
        • 1.06 Last changes in constituent documents: + + + +
        • 1.07 Major field of activity: + + + + +
        • 1.08 Decoding of economic activity: + + + +
        • 1.09 Licenses on kinds of activity (in case of existence): + + +
        • 1.10 Affiliated organizations: + + +
        • 1.11 Existence of subsidiaries and representative companies: + + +
      • Location
        • 2.01 Revelation of real location of counteragent: + +
        • 2.02 Work with company contact telephones: + + + +
        • 2.03 Company web-site research (date of creation, owner, etc.): + + + +
      • Top management
        • 3.01 Director identification: + + + +
        • 3.02 Top management (CEO, deputies, Board of directors, etc.): + + +
        • 3.03 Top management profiles (see Person check): +
      • Company financial performance
        • 4.01 Extract of balance items: + + +
        • 4.02 Information about authorized capital stock: + + + +
        • 4.03 Revelation of major debtors and creditors: +
        • 4.04 Short decoding of company assets: + + +
        • 4.05 Direction of product movements: + + +
        • 4.06 Company sender / recipient: + + +
        • 4.07 Commodity name: + + +
        • 4.08 Commodities quantity: + + +
        • 4.09 Manufacturer: + + +
      • Relations with business partners
        • 5.01 Revelation and search of clients, suppliers: + + +
        • 5.02 Terms of collaboration with clients, suppliers: + + +
        • 5.03 Sums of last shipments and their purpose: + + +
        • 5.04 Debts suppliers, clients: + + +
        • 5.06 Unfulfilled obligations: + + +
        • 5.07 Recommendations: + +
      • Benchmarking
        • 6.01 Market research and market share of checked company: +
        • 6.02 Activity results / Future plans: +
        • 6.03 Company strategy: +
        • 6.04 Research of company business processes: +
        • 6.05 Services and major advantages: +
        • 6.06 Competitors distinction: +
        • 6.07 Interviewing: +
      • Negative
        • 7.01 Pronounced company and management negative information: + + + +
        • 7.02 Courts, arbitration proceeding, sanctions, penalties: + + + + +
        • 7.03 Management connections with organized criminal groups, criminal, administrative responsibility: + + +
        • 7.04 Presence in WorldCheck or PFA Factiva records: + + + + +
      • Mass media
        • 8.01 Mass media review (Thomson-Reuter or LexisNexis): + + + + +
        • 8.02 Mass media digest (cluster analysis): + + + +
        • 8.03 Mass media analysis: +
      • Schemes
        • 9.01 Scheme of affiliated persons interaction: + + +
        • 9.02 Scheme of company organizational structure (position, name, telephone): +
    46. Crime Due Diligence: Person Check (columns: №, Rate « Persona », .automatic, .pro, .master, .premium, .lux)
      • Identification
        • 1.01 Time and place of birth: + + + + +
        • 1.02 Residence and nationality: + + + + +
      • Registration / Real estate
        • 2.01 Information about previous residences: + + + +
        • 2.02 Real estate possession: + + + +
        • 2.03 Description of buildings and apartment according location: + + +
      • Phone numbers
        • 3.01 Phone numbers on registration addresses (regions individually): + + + +
        • 3.02 Phone numbers on work addresses: + + + +
        • 3.04 Other contact phones: +
      • Family status / relatives
        • 4.01 Family status: + + + +
        • 4.02 Relatives connections revelations: + + +
        • 4.03 Relatives participation in business (shares in authorized capital stock): + +
      • Person Profile
        • 5.01 Job places revelation: + + + + +
        • 5.02 Employer short description: + + +
        • 5.03 Work period: + + +
        • 5.04 Position: + + + +
        • 5.06 Psychological portrait: +
      • Business
        • 6.01 Share in authorized capital stock of company: + + + +
        • 6.02 Co-founders: + +
        • 6.03 Co-founders short description: +
      • Negative
        • 7.01 Criminal, administrative responsibility: + + + + +
        • 7.02 Federal police search: + + +
        • 7.03 Connections with organized criminal groups: + + + + +
        • 7.04 Mentions in notes of arrested persons: + + +
        • 7.05 Participation in suits: + +
      • Mass media
        • 7.06 Short mass media review: + + + + +
        • 7.07 Mass media digest (cluster analysis): + + + +
        • 7.08 Mass media analysis: +
      • Schemes
        • 8.01 Affiliated persons scheme: + +
    47. Conclusion
      • The precautionary principle should be applied, by orienting the choice towards the best possible information coverage
        • Content redundancies should be tolerated; concentrate on the information gaps that hide high risk areas
      • IT infrastructures / applications can take responsibility for full exploitation and dissemination of critical information
        • Complex search engines can perform federated searches and analyse / connect virtually all type of content
      • External information always has two sides
        • It can be a source to reduce risk
        • It can become the source of your problems
      • Humans always outperform machines
        • Technology and content help informed decision making
    48. Thank you for your attention Claudio Foglini Senior Consultant [email_address] +41 79 383 1130

    Claudio Foglini, 3 weeks ago

    How can open source intelligence (OSINT) solutions more

    © All Rights Reserved
